warp-tls-3.3.2: HTTP over TLS support for Warp via the TLS package
Safe Haskell: None
Language: Haskell2010

Network.Wai.Handler.WarpTLS

Description

HTTP over TLS support for Warp via the TLS package.

If HTTP/2 is negotiated by ALPN, HTTP/2 over TLS is used. Otherwise HTTP/1.1 over TLS is used.

Support for SSL is now obsolete.

Synopsis

Runner

runTLSSocket :: TLSSettings -> Settings -> Socket -> Application -> IO () Source #

Runs an Application with the given TLSSettings and Settings on the specified Socket.

Settings

data TLSSettings Source #

Settings for WarpTLS.

defaultTlsSettings :: TLSSettings Source #

Default TLSSettings. Use this to create a TLSSettings value by overriding individual fields with record update syntax (the field names are the accessors listed below).

Smart constructors

From files

tlsSettings Source #

Arguments

:: FilePath

Certificate file

-> FilePath

Key file

-> TLSSettings 

A smart constructor for TLSSettings based on defaultTlsSettings.

tlsSettingsChain Source #

Arguments

:: FilePath

Certificate file

-> [FilePath]

Chain certificate files

-> FilePath

Key file

-> TLSSettings 

A smart constructor for TLSSettings that allows specifying chain certificates based on defaultTlsSettings.

Since 3.0.3

From memory

tlsSettingsMemory Source #

Arguments

:: ByteString

Certificate bytes

-> ByteString

Key bytes

-> TLSSettings 

A smart constructor for TLSSettings, based on defaultTlsSettings, that uses in-memory representations of the certificate and key.

Since 3.0.1

tlsSettingsChainMemory Source #

Arguments

:: ByteString

Certificate bytes

-> [ByteString]

Chain certificate bytes

-> ByteString

Key bytes

-> TLSSettings 

A smart constructor for TLSSettings, based on defaultTlsSettings, that uses in-memory representations of the certificate, chain certificates and key.

Since 3.0.3

From references

tlsSettingsRef Source #

Arguments

:: IORef ByteString

Reference to certificate bytes

-> IORef ByteString

Reference to key bytes

-> TLSSettings 

A smart constructor for TLSSettings, based on defaultTlsSettings, that uses references to in-memory representations of the certificate and key.

Since: 3.3.0

tlsSettingsChainRef Source #

Arguments

:: IORef ByteString

Reference to certificate bytes

-> [IORef ByteString]

Reference to chain certificate bytes

-> IORef ByteString

Reference to key bytes

-> TLSSettings 

A smart constructor for TLSSettings, based on defaultTlsSettings, that uses references to in-memory representations of the certificate, chain certificates and key.

Since: 3.3.0

data CertSettings Source #

Determines where to load the certificate, chain certificates, and key from.

Accessors

tlsCredentials :: TLSSettings -> Maybe Credentials Source #

Specifies Credentials directly. If this value is set, other fields such as certFile are ignored.

Since 3.2.12

tlsLogging :: TLSSettings -> Logging Source #

The level of logging to turn on.

Default: defaultLogging.

Since 1.4.0

tlsAllowedVersions :: TLSSettings -> [Version] Source #

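The TLS versions this server accepts. The default shown below still includes TLS 1.0 and TLS 1.1, which RFC 8996 deprecates; set this field to [TLS13,TLS12] unless legacy clients must be supported.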

>>> tlsAllowedVersions defaultTlsSettings
[TLS13,TLS12,TLS11,TLS10]

Since 1.4.2

tlsCiphers :: TLSSettings -> [Cipher] Source #

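The TLS ciphers this server accepts. The default list shown below still contains CBC-mode suites and static RSA key-exchange suites (the RSA-* entries), the latter providing no forward secrecy; narrow the list to the ECDHE/DHE GCM suites where client compatibility allows.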

>>> tlsCiphers defaultTlsSettings
[ECDHE-ECDSA-AES256GCM-SHA384,ECDHE-ECDSA-AES128GCM-SHA256,ECDHE-RSA-AES256GCM-SHA384,ECDHE-RSA-AES128GCM-SHA256,DHE-RSA-AES256GCM-SHA384,DHE-RSA-AES128GCM-SHA256,ECDHE-ECDSA-AES256CBC-SHA384,ECDHE-RSA-AES256CBC-SHA384,DHE-RSA-AES256-SHA256,ECDHE-ECDSA-AES256CBC-SHA,ECDHE-RSA-AES256CBC-SHA,DHE-RSA-AES256-SHA1,RSA-AES256GCM-SHA384,RSA-AES256-SHA256,RSA-AES256-SHA1,AES128GCM-SHA256,AES256GCM-SHA384]

Since 1.4.2

tlsWantClientCert :: TLSSettings -> Bool Source #

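Whether or not to demand a certificate from the client. If this is set to True, you must handle received certificates in a server hook (see tlsServerHooks) or all connections will fail. The hook decides whether a client certificate is accepted, so a hook that accepts every certificate provides no client authentication.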

>>> tlsWantClientCert defaultTlsSettings
False

Since 3.0.2

tlsServerHooks :: TLSSettings -> ServerHooks Source #

The server-side hooks called by the tls package, including actions to take when a client certificate is received. See the Network.TLS module for details.

Default: def

Since 3.0.2

tlsServerDHEParams :: TLSSettings -> Maybe Params Source #

Configuration for ServerDHEParams. More functions live in the cryptonite package.

Default: Nothing

Since 3.2.2

tlsSessionManagerConfig :: TLSSettings -> Maybe Config Source #

Configuration for in-memory TLS session manager. If Nothing, noSessionManager is used. Otherwise, an in-memory TLS session manager is created according to Config.

Default: Nothing

Since 3.2.4

tlsSessionManager :: TLSSettings -> Maybe SessionManager Source #

Specifies a SessionManager directly. If this value is set, tlsSessionManagerConfig is ignored.

Since 3.2.12

onInsecure :: TLSSettings -> OnInsecure Source #

Whether this server also accepts insecure (plain HTTP) connections.

>>> onInsecure defaultTlsSettings
DenyInsecure "This server only accepts secure HTTPS connections."

Since 1.4.0

data OnInsecure Source #

The action taken when a plain HTTP request arrives on the HTTP over TLS/SSL port.

Instances

Show OnInsecure Source # 
Instance details

Defined in Network.Wai.Handler.WarpTLS.Internal

Exception

DH parameters (re-exports)

These custom DH parameters are no longer necessary because pre-defined DH parameters are supported in the TLS package.

data Params #

Represents Diffie-Hellman parameters, namely P (prime) and G (generator).

Instances

Eq Params 
Instance details

Defined in Crypto.PubKey.DH

Methods

(==) :: Params -> Params -> Bool #

(/=) :: Params -> Params -> Bool #

Data Params 
Instance details

Defined in Crypto.PubKey.DH

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> Params -> c Params #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c Params #

toConstr :: Params -> Constr #

dataTypeOf :: Params -> DataType #

dataCast1 :: Typeable t => (forall d. Data d => c (t d)) -> Maybe (c Params) #

dataCast2 :: Typeable t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c Params) #

gmapT :: (forall b. Data b => b -> b) -> Params -> Params #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> Params -> r #

gmapQr :: forall r r'. (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> Params -> r #

gmapQ :: (forall d. Data d => d -> u) -> Params -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> Params -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> Params -> m Params #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> Params -> m Params #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> Params -> m Params #

Read Params 
Instance details

Defined in Crypto.PubKey.DH

Show Params 
Instance details

Defined in Crypto.PubKey.DH

NFData Params 
Instance details

Defined in Crypto.PubKey.DH

Methods

rnf :: Params -> () #

generateParams #

Arguments

:: MonadRandom m 
=> Int

number of bits

-> Integer

generator

-> m Params 

Generate params from a specific generator (2 or 5 are common values). The prime generated is a safe prime (a prime number of the form 2p+1 where p is also prime).